You can set up SSL communication to be used between the Ops Center Automator server and the Ops Center API Configuration Manager REST API server by using a self-signed certificate or a certificate issued by a certificate authority. You can also change the cipher suites to be used.
If you already set up SSL on the Ops Center API Configuration Manager server, including creating the certificates, go to step 2. Otherwise, start at step 1.
- Set up SSL on the Ops Center API Configuration Manager REST API server. For details, see “Specifying settings for using SSL communication between REST API clients and the REST API server (when using a self-signed certificate)” or “Specifying settings for using SSL communication between REST API clients and the REST API server (when using a server certificate issued by a certificate authority)" in the Hitachi Ops Center API Configuration Manager REST API Reference Guide.
- Import the certificates into the Common Component truststore by running the following command:
For Windows:
Common-Component-installation-folder\bin\hcmds64keytool -import -alias
alias-name -keystore Common-Component-installation-folder\uCPSB11
\hjdk\jdk\lib\security\jssecacerts -file certificate-file -storetype JKS
For Linux:
Common-Component-installation-directory/uCPSB11/jdk/bin/keytool -import -alias alias-name -keystore Common-Component-installation-directory/uCPSB11/
hjdk/jdk/lib/security/jssecacerts -file certificate-file -storetype JKS
To import the certificates in Java, ensure that the truststore password includes six or more characters. In addition, ensure that the new alias name does not conflict with an existing alias name. Since the certificates used vary depending on the environment and configuration, import either or both RSA and ECDSA certificates into the Common Component truststore based on the certificates available in the Ops Center API Configuration Manager REST API server.
- (Optional) If you want to change the cipher suites to be used for communication with the Ops Center API Configuration Manager REST API server, do the following:
Note: When you use built-in service templates to communicate with the Ops Center API Configuration Manager REST API server, the property in this step has no effect and you do not need to perform this step.
- Open the config_user.properties file from the following location.
In Windows (non-cluster):
Automation-software-installation-folder\conf In Windows (cluster): shared-folder_name\Automation\conf
In Linux: Automation-software-installation-directory/conf
- Edit the tls.client.cipherSuites line. If the tls.client.cipherSuites line does not exist, add it.
One of the cipher suites in the tls.client.cipherSuites line is used in the communication. Specify the cipher suites you want to use in the tls.client.cipherSuites line. If there are multiple cipher suites you want to use, specify the cipher suites separated by commas.
For available cipher suites, see Cipher suites supported as a client.
For details about the tls.client.cipherSuites property, see Changing the system configuration.
- Restart the services by running the hcmds64srv command.